Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save henrik242/65d26a7deca30bdb9828e183809690bd to your computer and use it in GitHub Desktop.
Save henrik242/65d26a7deca30bdb9828e183809690bd to your computer and use it in GitHub Desktop.
@opsquid
Copy link

opsquid commented Aug 27, 2023

Awesome! It work for me, now the nagging DEP popup won't show anymore. Thank you.

@Solmonz
Copy link

Solmonz commented Aug 28, 2023

May I ask how to bypass MDM and update the system normally on the new version of macOS 14 (Sonoma)?

@grzesiolpl
Copy link

May I ask how to bypass MDM and update the system normally on the new version of macOS 14 (Sonoma)?

Disable annoying Remote Management Pop-Up after upgrading to macOS Sonoma (14)
Apple further added a new gate preventing people from using their DEP-enabled Macs without installing the profiles in macOS Sonoma. After upgrading from a fully-working Ventura copy (with MDM servers blocked in hosts) to macOS Sonoma DP 1, your Mac will want to give you a pop-up window every 10 mins reminding you to install a DEP profile. Did some experiments and I think Apple is secretly pinging their MDM servers no matter you have an active profile associated w/ SN or not. As long as the servers are not reachable they will annoy you with their new pop-up system.

The Workaround

(1) Disable SIP in 1 True Recovery

(2)
sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord

sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound

sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled

sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound

(3) you're all set. enjoy this boring upgrade

@Solmonz
Copy link

Solmonz commented Aug 28, 2023

May I ask how to bypass MDM and update the system normally on the new version of macOS 14 (Sonoma)?

Disable annoying Remote Management Pop-Up after upgrading to macOS Sonoma (14) Apple further added a new gate preventing people from using their DEP-enabled Macs without installing the profiles in macOS Sonoma. After upgrading from a fully-working Ventura copy (with MDM servers blocked in hosts) to macOS Sonoma DP 1, your Mac will want to give you a pop-up window every 10 mins reminding you to install a DEP profile. Did some experiments and I think Apple is secretly pinging their MDM servers no matter you have an active profile associated w/ SN or not. As long as the servers are not reachable they will annoy you with their new pop-up system.

The Workaround

(1) Disable SIP in 1 True Recovery

(2) sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord

sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound

sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled

sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound

(3) you're all set. enjoy this boring upgrade
I am currently on macOS 12, and I want to reinstall, disable MDM, and then upgrade to the newer version. How should I proceed? I've been trying to figure this out for a while
How to disable SIP

@ehsan58
Copy link

ehsan58 commented Aug 29, 2023

May I ask how to bypass MDM and update the system normally on the new version of macOS 14 (Sonoma)?

Disable annoying Remote Management Pop-Up after upgrading to macOS Sonoma (14) Apple further added a new gate preventing people from using their DEP-enabled Macs without installing the profiles in macOS Sonoma. After upgrading from a fully-working Ventura copy (with MDM servers blocked in hosts) to macOS Sonoma DP 1, your Mac will want to give you a pop-up window every 10 mins reminding you to install a DEP profile. Did some experiments and I think Apple is secretly pinging their MDM servers no matter you have an active profile associated w/ SN or not. As long as the servers are not reachable they will annoy you with their new pop-up system.
The Workaround
(1) Disable SIP in 1 True Recovery
(2) sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord
sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound
sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigProfileInstalled
sudo touch /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordNotFound
(3) you're all set. enjoy this boring upgrade
I am currently on macOS 12, and I want to reinstall, disable MDM, and then upgrade to the newer version. How should I proceed? I've been trying to figure this out for a while
How to disable SIP

Disable System Integrity Protection Temporarily

To disable SIP, do the following:

Restart your computer in [Recovery mode] (https://support.apple.com/en-us/HT201314).

Launch Terminal from the Utilities menu.

Run the command csrutil disable.

Restart your computer.

@N4ssim
Copy link

N4ssim commented Aug 29, 2023

Hello, is it a good choice to buy a MacBook MDM for the next two years?

What should I check when buying a MacBook MDM?

I've already had a MacBook pro 2020 M1 MDM, but now I'm hesitating between a MacBook Pro 2021 M1 Pro 16/512 No MDM and a MacBook Pro 2021 M1 Pro 32/1T MDM for same price.

@iclumsy
Copy link

iclumsy commented Aug 31, 2023

Where can I buy a MDM macbook for a good price?

@Gorus23
Copy link

Gorus23 commented Aug 31, 2023

I am selling macbook pro 2021 m1 chip, 16 gb ram. It has only 3 battery cycles. I'm from Serbia and can send it to you. If you are interested, send me a message.

@MikeParder
Copy link

thanks @gwshaw for the edits!

Here is how you can bypass MDM completely ...

Boot to Recovery

Open Terminal and enable the root user and give it a password:

Enter the command below and press Enter

dscl -f /Volumes/Macintosh\ HD\ -\ Data/private/var/db/dslocal/nodes/Default localhost -passwd /Local/Default/Users/root

There might be a slight directory difference between Intel/Silicon. If the command above does not work try using one of these variations:

/Volumes/Macintosh\ HD\ -\ Data/ or /Volumes/Data/

Enter a new password for root user. Note * If you choose a simple password be aware that the root user will be available as a user that can log into macOS which could present a risk to the security of the device.

Once complete click the Apple logo -> Reboot or in Terminal type Reboot then press Enter and let macOS start-up.

Show the hidden menubar and go to System Settings when the Setup Assistant begins by pressing Command + Option + Control + T together.

Click the Apple logo > System Settings -> Users & Groups

Create an admin user with your username and password then click Add Account. The authentication window will appear and autofill the username as user "System Setup". Change this to "root" and use the password you created earlier in Terminal.

Use the Apple menu and select Reboot and if this does not work, force off your Mac by holding the power button down at least 10 seconds.

Boot to Recovery again.

Open Terminal and enter the command below and press Enter.

touch /Volumes/Macintosh\ HD\ -\ Data/private/var/db/.AppleSetupDone

Then type Reboot and press Enter or force off your Mac again using the steps above.

If you found this helpful please donate! https://pay.siliconbypass.com

Thank you so much, this is what i used and it worked perfectly. With that said, i am still getting the popups every few hours or so reminding me to install the MDM. How do i get rid of that? The instructions above are not helping. Thanks!

@MikeParder
Copy link

**** WORKING!!! ******. HI EVERYONE! I have a simplified way I figured out today to bypass DEP today with Ventura against a M2 Macbook Air
Need 3 things

  1. A separate M1/M2 Mac (could be anytjhing, macbook, studio, etc). this machine must not have DEP/Business Manager enabled
  2. Create a USB Boot installer flash drive with Ventura - you can google the instructions on how to create a boot usb drive.
  3. An external SSD that you can install a fresh OS on. I just use a sandish extreme USB 3.1 256GB drive.

Steps I did On the non-DEP M1/M2 Mac

  1. USB BOOT installer and install Ventura on the External SSD --- using the non-DEP Mac
  2. Once installed, go thru the account creation so you have an account
  3. Boot from USB SSD drive just to make sure it is working.

Now you have a bootable external disk.
On the DEP enabled M1/M2 Mac

  1. Boot to recovery mode
  2. Disk Utility
  3. Erase the internal physical disk
  4. Click on internal disk and use the RESTORE option, FROM the external SSD
  5. Let it run - will take a while.

Now you jsut copied the clean ventura to the internal drive.
Once the restore is finished. Remove the External SSD Boot from the internal disk
You WILL get an error that it cannot find the OS or some other stupid errors like no owner, or some other silly error... don't worry.
Now you boot again using the USB BOOT Ventura disk. REINSTALL Ventura again on the internal disk - DO NOT DO ANY DISK FORMATTING this time.
Once USB Installer is done, reboot - you will get to the login prompt of the user you created on the initial fresh install. you will have a working Ventura M1/M2 that just bypassed DEP/Business Manager.
Why this works? Because you first lay down the image on internal disk but due to some apple security, it will never boot unless you "fresh install" it. But the good things about fresh installs, Apple doesn't really wipe the system, it just lays whatever that is necessary for the OS. This means it will fix the ownership of the disks, do whatever it does but won't overwrite local accounts etc. so you will not get prompted for DEP enrollment. I don't know the actual internal details but I just know this works.
Enjoy. took me a while to figure this out after trying many things.
I do not need to do any /etc/hosts hacks, csrutil, etc. nothing. It's pretty simple to do but it does require a double install but it's easier than editing files.
You could in theory transfer a fully working Mac to another Mac now but I don't need to do that so I did the clean Ventura Install.
Now I can use this method to clean/wipe any DEP enabled machine and have myself a "pre-built" machine with certain things like chrome etc already installed. I can just boot from the external SSD periodically to get new updates of OS and software and continue to use it on any new Macs I wipe.

Many thanks @maclover696 for your method... Could you please share the output when you do the below command in Terminal (to verify the DEP status) using your method in M2? Thanks
$ profiles status -type enrollment

here you go

Enrolled via DEP: No MDM enrollment: No

The screens for MDM enrollment never showed up because I completely bypassed it thru the first computer. Yes, it does require another M1 computer that' Non-DEP but that process is just once to build the External SSD OS once.

I did find some videos about disabling wifi, login, enable wifi, download some software (is that sofware safe? Something about Checkm8) but I don't want to install software - I'm sure it's fine since people are using it but I don't want to run csrutil either, terminal etc.

Anyway, I felt it was too much babysitting the process so I rather just instal lit twice with my method cuz I can just go to sleep after part 1 started and just do part 2 and set it and forget it.

Much easier and requires no real attention to watch it install.

And the benefit of my method is that my external SSD can be updated with latest software so any new Macs I install would have all of the software I normally want on it. Visual Studio code, nodejs, docker etc. It's an "golden image" for my own base build!

Glad I was able to contribute to this new method! I've been using the csrutil editing hosts tricks for many years. Frustrated a long time that I cannot do the same on M1 and Carbon Copy and SuperDuper are all failing also. My method can also help you dupe an working mac completely if you ever say upgrade to a new computer and co not want to reset- everything from scratch. I don't think Migration Assistant will migrate stuff I installed manually via GIT etc in various directories so I rather just copy it all as is in the future.

Thank you for posting this. I havent tried this method yet, I did the other one on here and it works but my device is stil getting popups and Its still showing MDM in terminal. Is there anyway you can get with me one on one, on telegram or something, to walk me through this? I can pay you for your troubles. Thanks!

@MikeParder
Copy link

Last question of the night! Promise! After doing this command:
(sudo profiles show -type enrollment), it shows the company info its enrolled to. I also get the popup in the corner reminding me. Even though i bypassed MDM, is there any way this company can still track the machine? or even worse, see into my icloud account? I am logged in with my apple ID and connected to my home wifi.

@Sergiu-Cocieru
Copy link

**** WORKING!!! ******. HI EVERYONE! I have a simplified way I figured out today to bypass DEP today with Ventura against a M2 Macbook Air

Need 3 things

  1. A separate M1/M2 Mac (could be anytjhing, macbook, studio, etc). this machine must not have DEP/Business Manager enabled
  2. Create a USB Boot installer flash drive with Ventura - you can google the instructions on how to create a boot usb drive.
  3. An external SSD that you can install a fresh OS on. I just use a sandish extreme USB 3.1 256GB drive.

Steps I did On the non-DEP M1/M2 Mac

  1. USB BOOT installer and install Ventura on the External SSD --- using the non-DEP Mac
  2. Once installed, go thru the account creation so you have an account
  3. Boot from USB SSD drive just to make sure it is working.

Now you have a bootable external disk.

On the DEP enabled M1/M2 Mac

  1. Boot to recovery mode
  2. Disk Utility
  3. Erase the internal physical disk
  4. Click on internal disk and use the RESTORE option, FROM the external SSD
  5. Let it run - will take a while.

Now you jsut copied the clean ventura to the internal drive.

Once the restore is finished. Remove the External SSD Boot from the internal disk

You WILL get an error that it cannot find the OS or some other stupid errors like no owner, or some other silly error... don't worry.

Now you boot again using the USB BOOT Ventura disk. REINSTALL Ventura again on the internal disk - DO NOT DO ANY DISK FORMATTING this time.

Once USB Installer is done, reboot - you will get to the login prompt of the user you created on the initial fresh install. you will have a working Ventura M1/M2 that just bypassed DEP/Business Manager.

Why this works? Because you first lay down the image on internal disk but due to some apple security, it will never boot unless you "fresh install" it. But the good things about fresh installs, Apple doesn't really wipe the system, it just lays whatever that is necessary for the OS. This means it will fix the ownership of the disks, do whatever it does but won't overwrite local accounts etc. so you will not get prompted for DEP enrollment. I don't know the actual internal details but I just know this works.

Enjoy. took me a while to figure this out after trying many things.

I do not need to do any /etc/hosts hacks, csrutil, etc. nothing. It's pretty simple to do but it does require a double install but it's easier than editing files.

You could in theory transfer a fully working Mac to another Mac now but I don't need to do that so I did the clean Ventura Install.

Now I can use this method to clean/wipe any DEP enabled machine and have myself a "pre-built" machine with certain things like chrome etc already installed. I can just boot from the external SSD periodically to get new updates of OS and software and continue to use it on any new Macs I wipe.

Does anyone know if I've used this method to enroll in MDM? Can I update without issues to macOS Sonoma?

@joshworksit
Copy link

joshworksit commented Sep 5, 2023 via email

@Salil999
Copy link

Salil999 commented Sep 9, 2023

Not sure if it helps but I found this website which might do it for you: https://skipmdm.com

You can verify the contents with curl https://raw.githubusercontent.com/skipmdm-phoenixbot/skipmdm.com/main/Autobypass-mdm.sh | cat

@mikevic18
Copy link

mikevic18 commented Sep 11, 2023

To save everyone time, the script provided on skipmdm is just what was discussed here previously put together in a nice script.
The current version linked is safe, but as it goes always check before you run something you got off the internet as the script can always be changed.
For anyone curious, here is the direct link to the script:
AutoBypass-mdm.sh

@Ran-Xing
Copy link

Ran-Xing commented Sep 12, 2023

I need an agent to help me sell my bypass service, use my technology or we can study new technologies together. At present, my research result is that I can bypass the MDM without didn't disabling SIP. The command line I need to use is only 20 characters, which contains multiple options, such as cleaning up WiFi information, waking up MDM, bypassing MDM, cleaning up MDM agent, creating users,and more。My authorization method is to bind the serial number, and a machine can be used for life. The price is $14. Friends in need can ask friends in China to pay me. My personal homepage has my email address.

@Ran-Xing
Copy link

I have been writing this program for a year. At first it was a script, but someone stole my script to make money, and later it was changed to an encrypted program. At the beginning, I collected MDM Agent information and deleted plist file and agent App together.Later, this situation was less, so we just need to bypass and disable MDM.

@Ran-Xing
Copy link

Ran-Xing commented Sep 12, 2023

At first, I used some simple command lines to bypass the MDM,But some people can't access google and github, so I provide $1 technical service.(Video guidance)

What I do is not simple copying and pasting, because ordinary users can't use the command line, and it's easy to input case errors and even spaces. I don't have this much energy.I arranged all the necessary steps into options for users to choose, and even provided videos, notes and communication groups.

Later, I found all kinds of MDM-Agent, I knew that I needed to constantly optimize them, so the price rose to $7.

Later, some seniors criticized me and my peers slandered me. I once thought about giving up.But I still have dozens of customers, and I can't leave them alone, and these users pay enough money for me to buy some fruit. Even without me, there will be another one. The main reason why I spend so much time studying is that these are too expensive. (check8 or other)

My main client is from China, so most of the documents are in Chinese. Please forgive me, you can use Google Translation.

** I'm here now because I think the brother above has the same experience as me, and I'm afraid he will replace me. @skipmdm-phoenixbot. His growth may pose an indirect threat to me **

  • I am also a MDM Mac user.
  • I update faster than other organizations.
  • I will communicate with my clients.

video: https://b23.tv/shTJigT
options:
1000013757

1000008739
1000012318
1000012317
1000012316
1000012315
1000011743
1000013147

@Elec-trick
Copy link

Is there anyone who has tried installing MacOS Sonoma on bypassed MB M1?

@ehsan58
Copy link

ehsan58 commented Sep 24, 2023

Since only 2 days are left for Sonama's final release. This is my question, will we have any problems after upgrading to Sonoma? I now work easily on ventura without bypass. Will I have the same experience with the upgrade? Or it is an issue that should be considered
Thank you all

@mikevic18
Copy link

I am running Sonoma, just upgrade manually and make sure to have blocked in the hosts file and in the router's settings the domains listed in this thread. After upgrading, check your hosts file and make sure that the services are still disabled. Additionally, you could block access to the internet of the services using a firewall like Little Snitch to make sure that even if Apple has added an additional domain or whatever type of check, all the traffic to and from the services is blocked.

@klnvsky
Copy link

klnvsky commented Sep 26, 2023

Has anyone used the site skipmdm.com? it helps to bypass the blocking and everything works well, but are there any risks associated with this?

@lynndixon
Copy link

Has anyone used the site skipmdm.com? it helps to bypass the blocking and everything works well, but are there any risks associated with this?

You can always see exactly what their script is doing here: https://raw.githubusercontent.com/skipmdm-phoenixbot/skipmdm.com/main/Autobypass-mdm.sh

Not to mention their script is housed here: https://github.com/skipmdm-phoenixbot/skipmdm.com

See for yourself....

@klnvsky
Copy link

klnvsky commented Sep 26, 2023

Has anyone used the site skipmdm.com? it helps to bypass the blocking and everything works well, but are there any risks associated with this?

You can always see exactly what their script is doing here: https://raw.githubusercontent.com/skipmdm-phoenixbot/skipmdm.com/main/Autobypass-mdm.sh

Not to mention their script is housed here: https://github.com/skipmdm-phoenixbot/skipmdm.com

See for yourself....

I’m not the programmer to be honest. And I don’t understand what does it mean :( I just want to use my MacBook and not to lose my files and data…
If you can explain - I would be very grateful!

@lynndixon
Copy link

Has anyone used the site skipmdm.com? it helps to bypass the blocking and everything works well, but are there any risks associated with this?

You can always see exactly what their script is doing here: https://raw.githubusercontent.com/skipmdm-phoenixbot/skipmdm.com/main/Autobypass-mdm.sh
Not to mention their script is housed here: https://github.com/skipmdm-phoenixbot/skipmdm.com
See for yourself....

I’m not the programmer to be honest. And I don’t understand what does it mean :( I just want to use my MacBook and not to lose my files and data… If you can explain - I would be very grateful!

this script essentially runs all the command that have been recommended in this long thread. It appears that it would work. I would do this on a clean reinstall. Following their instructions should result in success, and nothing nefarious being installed or done to your machine.

@klnvsky
Copy link

klnvsky commented Sep 26, 2023

Has anyone used the site skipmdm.com? it helps to bypass the blocking and everything works well, but are there any risks associated with this?

You can always see exactly what their script is doing here: https://raw.githubusercontent.com/skipmdm-phoenixbot/skipmdm.com/main/Autobypass-mdm.sh
Not to mention their script is housed here: https://github.com/skipmdm-phoenixbot/skipmdm.com
See for yourself....

I’m not the programmer to be honest. And I don’t understand what does it mean :( I just want to use my MacBook and not to lose my files and data… If you can explain - I would be very grateful!

this script essentially runs all the command that have been recommended in this long thread. It appears that it would work. I would do this on a clean reinstall. Following their instructions should result in success, and nothing nefarious being installed or done to your machine.

Thank you so much, hope all will be great! Have a nice day :)

@JediRhymeTrix
Copy link

Sonoma is here. Let's keep experiences/observations coming.

@Sergiu-Cocieru
Copy link

**** WORKING!!! ******. HI EVERYONE! I have a simplified way I figured out today to bypass DEP today with Ventura against a M2 Macbook Air
Need 3 things

  1. A separate M1/M2 Mac (could be anytjhing, macbook, studio, etc). this machine must not have DEP/Business Manager enabled
  2. Create a USB Boot installer flash drive with Ventura - you can google the instructions on how to create a boot usb drive.
  3. An external SSD that you can install a fresh OS on. I just use a sandish extreme USB 3.1 256GB drive.

Steps I did On the non-DEP M1/M2 Mac

  1. USB BOOT installer and install Ventura on the External SSD --- using the non-DEP Mac
  2. Once installed, go thru the account creation so you have an account
  3. Boot from USB SSD drive just to make sure it is working.

Now you have a bootable external disk.
On the DEP enabled M1/M2 Mac

  1. Boot to recovery mode
  2. Disk Utility
  3. Erase the internal physical disk
  4. Click on internal disk and use the RESTORE option, FROM the external SSD
  5. Let it run - will take a while.

Now you jsut copied the clean ventura to the internal drive.
Once the restore is finished. Remove the External SSD Boot from the internal disk
You WILL get an error that it cannot find the OS or some other stupid errors like no owner, or some other silly error... don't worry.
Now you boot again using the USB BOOT Ventura disk. REINSTALL Ventura again on the internal disk - DO NOT DO ANY DISK FORMATTING this time.
Once USB Installer is done, reboot - you will get to the login prompt of the user you created on the initial fresh install. you will have a working Ventura M1/M2 that just bypassed DEP/Business Manager.
Why this works? Because you first lay down the image on internal disk but due to some apple security, it will never boot unless you "fresh install" it. But the good things about fresh installs, Apple doesn't really wipe the system, it just lays whatever that is necessary for the OS. This means it will fix the ownership of the disks, do whatever it does but won't overwrite local accounts etc. so you will not get prompted for DEP enrollment. I don't know the actual internal details but I just know this works.
Enjoy. took me a while to figure this out after trying many things.
I do not need to do any /etc/hosts hacks, csrutil, etc. nothing. It's pretty simple to do but it does require a double install but it's easier than editing files.
You could in theory transfer a fully working Mac to another Mac now but I don't need to do that so I did the clean Ventura Install.
Now I can use this method to clean/wipe any DEP enabled machine and have myself a "pre-built" machine with certain things like chrome etc already installed. I can just boot from the external SSD periodically to get new updates of OS and software and continue to use it on any new Macs I wipe.

Does anyone know if I've used this method to enroll in MDM? Can I update without issues to macOS Sonoma?

Unfortunately, no. After the update, a fullscreen Device Enrollment popup started appearing. Does anyone know of a solution?

@haohanw
Copy link

haohanw commented Sep 27, 2023

**** WORKING!!! ******. HI EVERYONE! I have a simplified way I figured out today to bypass DEP today with Ventura against a M2 Macbook Air
Need 3 things

  1. A separate M1/M2 Mac (could be anytjhing, macbook, studio, etc). this machine must not have DEP/Business Manager enabled
  2. Create a USB Boot installer flash drive with Ventura - you can google the instructions on how to create a boot usb drive.
  3. An external SSD that you can install a fresh OS on. I just use a sandish extreme USB 3.1 256GB drive.

Steps I did On the non-DEP M1/M2 Mac

  1. USB BOOT installer and install Ventura on the External SSD --- using the non-DEP Mac
  2. Once installed, go thru the account creation so you have an account
  3. Boot from USB SSD drive just to make sure it is working.

Now you have a bootable external disk.
On the DEP enabled M1/M2 Mac

  1. Boot to recovery mode
  2. Disk Utility
  3. Erase the internal physical disk
  4. Click on internal disk and use the RESTORE option, FROM the external SSD
  5. Let it run - will take a while.

Now you jsut copied the clean ventura to the internal drive.
Once the restore is finished. Remove the External SSD Boot from the internal disk
You WILL get an error that it cannot find the OS or some other stupid errors like no owner, or some other silly error... don't worry.
Now you boot again using the USB BOOT Ventura disk. REINSTALL Ventura again on the internal disk - DO NOT DO ANY DISK FORMATTING this time.
Once USB Installer is done, reboot - you will get to the login prompt of the user you created on the initial fresh install. you will have a working Ventura M1/M2 that just bypassed DEP/Business Manager.
Why this works? Because you first lay down the image on internal disk but due to some apple security, it will never boot unless you "fresh install" it. But the good things about fresh installs, Apple doesn't really wipe the system, it just lays whatever that is necessary for the OS. This means it will fix the ownership of the disks, do whatever it does but won't overwrite local accounts etc. so you will not get prompted for DEP enrollment. I don't know the actual internal details but I just know this works.
Enjoy. took me a while to figure this out after trying many things.
I do not need to do any /etc/hosts hacks, csrutil, etc. nothing. It's pretty simple to do but it does require a double install but it's easier than editing files.
You could in theory transfer a fully working Mac to another Mac now but I don't need to do that so I did the clean Ventura Install.
Now I can use this method to clean/wipe any DEP enabled machine and have myself a "pre-built" machine with certain things like chrome etc already installed. I can just boot from the external SSD periodically to get new updates of OS and software and continue to use it on any new Macs I wipe.

Does anyone know if I've used this method to enroll in MDM? Can I update without issues to macOS Sonoma?

Unfortunately, no. After the update, a fullscreen Device Enrollment popup started appearing. Does anyone know of a solution?

Someone mentioned that after downloading the update and reboot, you should unplug the router to disconnect from the network .During the restart after the installed, your mac may communicate with the MDM server. Considering that your SN exists on the MDM server, if there is successful communication, a pop-up might appear.

@Uanqaoh
Copy link

Uanqaoh commented Sep 27, 2023

is there any other way to run "sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigHasActivationRecord sudo rm /var/db/ConfigurationProfiles/Settings/.cloudConfigRecordFound sudo touch " without closing SIP? every time I turn on sip, these two files will reappear again.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment